ActiveX, Remote DoS and XSS

ActiveX, Remote DoS and XSS - because I've been busy and couldn't think of a better title for this post.

Here are some free (lame) 0day bugs until I have time to write a post about some more interesting ones.

GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It has 4,195 weekly downloads from SourceForge and is installed on about a hundred web sites including numerous government servers.

It's also installed on at least one defence company's server (if the comments on the GeoServer SourceForge page are to be believed).

The latest stable version of GeoServer, version 2.1.3, suffers from multiple cross-site scripting vulnerabilities.

Gallery

Gallery is "a slick, intuitive web based photo gallery." It has 9,225 weekly downloads from SourceForge and is installed on a couple of hundred web sites.

The latest version of Gallery, version 3.0.2, suffers from a cross-site scripting vulnerability.

acarsd

acarsd is an ACARS decoder for a LINUX or Windows PC which attempts to decode ACARS transmissions in real-time using up to four Soundcards. acarsd is also a realtime ACARS Server / ACARS webserver, for the worldwide spotter and ACARS community, if you wish.

The HTTP server component of acarsd version 1.65, running on port 8080 by default, suffers from a remote denial of service vulnerability. The web server is not enabled by default.

The following proof of concept contains two different payloads which should trigger a crash.

HPQWACOMLib.WACom

The HPQWACOMLib ActiveX control is part of the HP Wireless Assistant tool and is shipped by default on several series of HP laptops. The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth, WLAN, or WWAN devices). It just so happens that this control has the power to disable network adapters. The following proof of concept provides an effective and simple method for remote denial of service:
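On the defensive side, the usual way to stop a web page from instantiating an ActiveX control in Internet Explorer is to set the control's kill bit. The PowerShell below is an added example, not code from the original post or from HP. It assumes that `HPQWACOMLib.WACom` (the heading above) is the control's ProgID, and it reads the CLSID from the local registry because the post does not give it.

```powershell
#Requires -RunAsAdministrator
# Added example: set the Internet Explorer kill bit for an ActiveX control.
# Assumption: 'HPQWACOMLib.WACom' is the ProgID under which the control is registered.
$ProgId  = 'HPQWACOMLib.WACom'
$KillBit = 0x400   # "Compatibility Flags" bit that blocks instantiation in IE

function Get-ClsidFromProgId {
    param([string]$Name)
    # The ProgID key's CLSID subkey holds the class id as its default value.
    $key = "Registry::HKEY_CLASSES_ROOT\$Name\CLSID"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    (Get-Item -LiteralPath $key).GetValue('')
}

function Set-KillBit {
    param([string]$Clsid)
    # Cover both the native and the 32-bit (WOW64) registry views.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # Preserve any flags already present and OR in the kill bit.
        $existing = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
        $flags = [int]$existing -bor $KillBit
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -Value $flags -Type DWord
        Write-Output ("Kill bit set for {0} under {1} (flags 0x{2:X})" -f $Clsid, $root, $flags)
    }
}

$clsid = Get-ClsidFromProgId $ProgId
if (-not $clsid) {
    Write-Output "$ProgId is not registered on this machine; nothing to do."
    return
}
Set-KillBit $clsid
```

The kill bit only affects hosts that honour it, such as Internet Explorer; it does not uninstall the control or change what HP Wireless Assistant itself can do.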